package com.liuyang.configclient.securityConfigurer;

import org.springframework.boot.actuate.autoconfigure.security.EndpointRequest;
import org.springframework.boot.autoconfigure.security.StaticResourceRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
	        // 1
	        .requestMatchers(EndpointRequest.to("status", "info","refresh"))
	            .permitAll()
	        // 2
	        .requestMatchers(EndpointRequest.toAnyEndpoint())
	            .hasRole("ACTUATOR")
	        // 3 
	        .requestMatchers(StaticResourceRequest.toCommonLocations())
	            .permitAll()
	        // 4
	        .antMatchers("/**")
	            .hasRole("USER")
				.and();
	}
}
